Currently there are only 2 ways to trigger the SAML Authentication with external IDP:
1. Using the SP Send URL for the external IDP to trigger the SAML Authentication Request
2. Use External Contract and assign to Identity provider as satisfies contract and use the external contract at Access Manager.
However, as Risk Policy Additional Authentication doesn't provide option to select contract(only class and methods), there is no way to authentication with external contract with Risk.
An option to trigger authentication with external SAML provider would be great with Risk Policy.
1. Create a method using IDP select Class and chose it with Risk Additional Authentication. However, this will provide a list of all the IDP and use need to select one. Small modification to method to configure the choice of IDP and directly send the Authentication request to the external IDP.
2. Add option to select identity providers under Risk Additional Authentication(only class and methods present currently) and trigger a spsendurl(https://idp/nidp/saml2/spsend?id=IDP_ID)
3. Create a Class to trigger external authentication.